NetScaler SDX puts ÖBB on course for growth

ÖBB-IKT GmbH is the IT service provider for the ÖBB Group and responsible for optimising and securing the company's web infrastructure on Citrix NetScaler technology. The Application Delivery Controller from Citrix relieves the back-end systems in the data centre and ensures that the Group's websites are secure and available at any time. Now, the IT organisation has taken the decision, in cooperation with its partner, HTH Consulting, to upgrade to the latest generation of Citrix products. NetScaler SDX offers the ÖBB Group additional scaling options and simplifies the management and operation of the IT infrastructure through virtualisation.

450 million passengers and more than 120 million tonnes of goods are safely transported on the Austrian Federal Railways (ÖBB) each year. Every day, the railway company has 6.500 trains travelling around its network of train routes, covering a distance equivalent to travelling ten times around the earth. The ÖBB Group is by far the largest mobility service provider in Austria. Three companies under the strategic umbrella of ÖBB-Holding AG today employ more than 40.000 employees and have set themselves the goal of making rail transport the environmentally friendly choice in the future.

In order to provide comprehensive mobility services, the company's website now plays a central role. Under www.oebb.at, the Group combines diverse services and information for passengers and corporate clients - from excursions to statistical information. But at the heart of the website are timetable information and the electronic ticket service. Both applications have recently become available as mobile apps for smartphones and tablets.

"Our website has grown enormously in recent years and is now one of the most visited websites in Austria," says Stefan Schultheis, service architect at ÖBB-IKT GmbH. "In order to meet the increasing demands, we are continuously developing the Web infrastructure in the background."

NetScaler already in use for several years

An important step was the introduction of a Citrix NetScaler solution in 2008. Two NetScaler applications have been installed as Application Delivery Controllers in two data centres to allow the ÖBB ICT to improve the availability and performance of Web applications. "The Web infrastructure of ÖBB consists of countless geographically distributed servers that belong to different companies within the Group. Our aim was to disperse the web traffic as evenly as possible and to seamlessly forward user requests to the available servers," explains Schultheis.

Together with HTH Consulting, ÖBB installed the NetScaler solution in its own infrastructure, after a proof-of-concept delivered convincing results. In the test, it became clear that the Citrix network appliances not only ensure an intelligent and resilient load distribution, but also reduce the load on the back-end systems. The caching technology from NetScaler allows, for example, the company to store static or dynamically generated web content in the memory of the appliance so that they do not always have to be reloaded from the Web servers.

In addition, features such as HTTP compression, TCP optimisation, and SSL offload relieve the systems in the backend while improving Web performance on the user side. "By combining the different acceleration technologies we were able to reduce the average time for delivery of a dynamic website from 1,1 seconds 0,1 seconds," reportsSchultheis. "Just a function such as SSL offload takes a lot of work off the back-end systems because processor-intensive tasks such as scheduling of SSL connections are now carried out directly on the NetScaler appliances. This has also allowed us to postpone a planned hardware upgrade to the Web server for another two years."

Web AppFirewall protects online applications

In a second phase of the project, the ÖBB-IKT GmbH web team installed a built-in NetScaler Web AppFirewall. Using this security component ÖBB's numerous web applications should be fully protected against attacks such as cross-site scripting, SQL injection or buffer overflow. The NetScaler AppFirewall blocks all known attack patterns at the application level and with its integrated positive security model, also offers protection against previously unknown zero-day attacks. The Citrix solution automatically detects which user actions are allowed in the application, and thus prevents unauthorised or suspicious application queries.

The AppFirewall protects any sensitive customer information when it is communicated on the web. For example, if the number pattern of a credit card number is detected, that information is automatically made unreadable.

"With the NetScaler AppFirewall we can reliably protect all of our customer and partner web interfaces against new threats. The technology has therefore become an important component of our Web security architecture." The value of the NetScaler solution for the safety of the ÖBB-portal has been confirmed on several occasions during external security audits. Security specialists have, for example, shown that they can ward off large-scale Denial of Service attacks reliably with the Citrix technology.

NetScaler SDX: Virtualised networking architecture for the ÖBB

Four years after the first generation NetScaler implementation, an extension was needed to bring the environment up to the latest technical standards. "In the development of our infrastructure we wanted to further improve the scalability of the environment and to take advantage of the benefits of virtualization for administration and operation," said Schultheis, ÖBB-IKT GmbH. "We were able to precisely meet these requirements with NetScaler SDX and TriScale from Citrix."

NetScaler SDX is a highly scalable, multi-tenant cloud networking platform. Up to 40 fully isolated NetScaler applications can run on a single device. The solution combines the NetScaler capabilities of high-performance, secure and highly available deployment of services, with the flexible deployment options of a powerful virtualisation platform.

From the perspective of service-architect this approach offers significant advantages: "With NetScaler SDX we are able to completely disconnect less critical applications so that the system can run mission critical applications. We do this for system resources such as CPU, memory, or SSL processing capacity. This power cannot be affected. At the same time, the consolidation of different systems on a single appliance means management is considerably simplified."

In close cooperation with HTH Consulting, the new NetScaler Generation was implemented at ÖBB. Two NetScaler SDX 11500 appliances are working today as a highly available solution in two different data centres. In contrast to the previous active-passive configuration, today both physical appliances are actively used for the operation of production systems. "The virtualisation architecture of NetScaler SDX has not only helped us to make the operation of the Application Delivery Controller flexible and fail-safe - but also to optimise resource utilisation," emphasises Schultheis.

Boundless scalability thanks to TriScale technology

In the face of rising resource requirements, the ÖBB Group is now well prepared with the new solution: thanks to the "Pay-As-You-Grow" licensing model from Citrix, the Group can improve the performance of the two SDX appliances gradually as needed. For example, the maximum data throughput of the devices is up to 40 Gbps and the number of SSL transactions per second has increased from 50.000 to 330.000. To unlock the extra power, the employees of the ÖBB ICT must continue to enter a new license key - a replacement of the appliances is not needed.

Citrix NetScaler now provides the company with three different scaling options: If additional NetScaler instances are needed, these can easily be made available as virtual appliances. The power of physical appliances can be increased quickly and easily via "Pay-As-You-Grow". With growing requirements it is also possible to install additional physical NetScaler appliances and to connect the existing appliances into a cluster. This TriScale approach from Citrix helps organisations with rapidly expanding online platforms to flexibly adjust the capacity of their environment to meet demand. "With the new generation NetScaler, we are very well prepared for the future," summarises Schultheis. "We have now laid the foundation to ensure that our infrastructure can keep pace with the expected growth in our online services over the coming years."

In the development of our infrastructure we wanted to further improve the scalability of the environment and to take advantage of the benefits of virtualization for administration and operation. We were able to precisely meet these requirements with NetScaler SDX and TriScale from Citrix.